facileManager
cpe:2.3:a:facilemanager:facilemanager:*:*:*:*:*:*:*
- < 6.0.4
A reflected cross-site scripting (XSS) vulnerability has been identified in the fmDNS module of facileManager prior to version 6.0.4. Malicious JavaScript can be injected into a URL through the log_search_query parameter. The application handles this untrusted input in a way that allows the injected script to execute.
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject and execute malicious scripts in the context of the user's browser.
To reproduce this vulnerability, log into an administrator account and navigate to the admin logs page. Then, use a crafted URL that includes a script injection in the log_search_query parameter. This will trigger the cross-site scripting vulnerability by executing the injected script, such as an alert displaying the document domain.
Users are advised to update to version 6.0.4 or later, where this vulnerability has been patched.
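For triage, one way to hunt web-server access logs for requests that carried markup in log_search_query. This is an added example, not facileManager code; the combined log format, the sample lines and the /PLACEHOLDER/admin-logs path are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (combined log format). The path is a
# placeholder, not facileManager's real admin logs URL.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /PLACEHOLDER/admin-logs?log_search_query=named+restart HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2025:10:02:11 +0000] "GET /PLACEHOLDER/admin-logs?log_search_query=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E HTTP/1.1" 200 5300',
    '203.0.113.5 - - [01/Jan/2025:10:03:40 +0000] "GET /PLACEHOLDER/admin-logs?log_search_query=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5200',
    '192.0.2.10 - - [01/Jan/2025:10:05:02 +0000] "GET /PLACEHOLDER/other?note=%3Cb%3E HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters and schemes that a plain-text log search term should not need.
MARKUP_RE = re.compile(r'[<>"]|javascript:', re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_queries(lines):
    """Return (client_ip, decoded_value) for each flagged log_search_query."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes once and turns '+' into a space.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name != "log_search_query":
                continue
            value = decode_fully(value)
            if MARKUP_RE.search(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_queries(SAMPLE_LOG):
        print(f"{ip}\t{value!r}")
```

A hit shows that a request carrying markup reached the server, not that a script ran in an administrator's browser; correlate hits with authenticated admin sessions and the Referer field.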